PT-2020-3402 · Microsoft · Openssh For Windows+1

William Knowles

Published

2020-06-09

Updated

2021-07-21

CVE-2020-1292

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenSSH for Windows (affected versions not specified)

Description The issue is related to an elevation of privilege vulnerability in OpenSSH for Windows. It occurs due to improper restriction of access to configuration settings, allowing an attacker to modify the OpenSSH configuration and potentially elevate their privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2020-03725

CVE-2020-1292

Affected Products

Openssh For Windows

Windows

PT-2020-3402 · Microsoft · Openssh For Windows+1

CVE-2020-1292

Weakness Enumeration

Related Identifiers

Affected Products

References · 6